wordpress blog stats
Connect with us

Hi, what are you looking for?

Amazon’s Twitch hit by massive data breach, entire source code and user payout info leaked

Data leaked from the live streaming platform which has not been very forthcoming in its operational details, is 125GB in size.

Amazon-owned Twitch has suffered a massive data breach that has resulted in the leak of its entire source code and user payout information, Video Games Chronicle (VGC) reported on October 6 based on data shared by an anonymous hacker.

“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this,” Twitch tweeted Wednesday evening. “We will update the community as soon as additional information is available,” the company said.

Update (8 Oct, 8:30 am): Twitch said that the breach was due to an error in a Twitch server configuration change. The company also said that login details and full credit card numbers were not exposed.

Twitch is a live streaming e-sports platform with over 30 million average daily visitors where gamers broadcast themselves playing video games.

MediaNama has reached out to Amazon India to understand the impact of the breach on Indian users and we will update this report when we get a response.

What data has been leaked so far?

According to VGC, the leaked data is 125GB in size and consists of the following data:

Advertisement. Scroll to continue reading.
  • The entirety of Twitch’s source code with commit history
  • Creator payout reports from 2019 until now, including how much popular streamers earned on the platform (81 Twitch streamers have been paid more than $1 million by Twitch since August 2019, the report stated).
  • Mobile, desktop, and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools, which are tools designed to improve security by having staff pretend to be hackers, the report said

VGC said that the leaked data was publicly available on 4chan for download, but the thread has since been removed and MediaNama wasn’t able to independently confirm the contents of the leak. 

Screenshot of 4chan thread with the leaked data. Source: ArsTechnica

“Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE,” the hacker said. The hacker also said that this is “part one” suggesting that there is more to come.

Ramifications of the leak

The hacker claims to have leaked this data to “foster more disruption and competition in the online video streaming space” because Twitch’s community is a “disgusting toxic cesspool.”

Twitch famously fiercely guards operational details such as how much its streamers are paid, so this looks extremely embarrassing for the company. And it comes at a time when competitors such as YouTube Gaming are offering huge salaries to snap up gaming talent, so the fallout could be significant. — Cyber reporter Joe Tidy for BBC

Platformer’s Casey Newton spoke to Twitch engineers to understand how this leak could have happened and found out that “Twitch had a notoriously lax approach to internal security.” He found “the company did not develop an effective model to counter internal threats” and “every engineer could clone every code repository, making it possible for someone to essentially copy and paste the entire code base.”

With the code base out in the wild now, Twitch’s real problems are only beginning. With the leaked files, a motivated hacker could install an instance of Twitch on their local server, and then attempt to reverse-engineer exploits from what they find. — Newton

Also Read

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.


This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.


It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...


Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ